Inside MSRC: Microsoft releases searchable update database

Microsoft's Christopher Budd explains the software vendor's new Update Catalog, a searchable database of all Microsoft security updates, drivers, and service packs. Also a look at this month's updates.


To help you assess this month's release, I'll cover the re-release and the security advisory. I'll also cover the changes in functionality in two of this month's new Critical security updates.

First, I want to mention our detection and deployment tools so you are aware of the latest deadlines and new offerings.

Last month's bulletin release marked the end of support for SUS 1.0. This means that starting with this month's release, new updates, including security updates, will NOT be available through SUS 1.0. We hope that everyone has migrated to a supported version of Windows Server Update Services (WSUS): either WSUS 2.0 or the new WSUS 3.0. If you have not migrated, we encourage you to do so right away because your SUS 1.0 clients will not receive this month's security updates or any future security updates.

About Inside MSRC:

As part of a special partnership with SearchSecurity.com, Christopher Budd, security program manager for the Microsoft Security Response Center (MSRC), offers an inside look at the process that leads up to "Patch Tuesday" and guidance to help security professionals make the most out of the software giant's security updates.

The new Microsoft Update Catalog can help you deploy updates, including security updates. It is a searchable catalog of all security updates, drivers and service packs that are available through Windows Update (WU) and Microsoft Update (MU). You can also use the Microsoft Update Catalog to obtain and deploy hotfixes, and to distribute these updates through a corporate network using tools such as WSUS 3.0, System Center Essentials (SCE) or System Center Configuration Manager (SCCM).

The Microsoft Update Catalog expands the capabilities of your update deployment infrastructure and provides the capability to deploy hotfixes to address known issues in security updates when they occur. We encourage all who are using WSUS 3.0, SCE or SCCM to evaluate the Microsoft Update Catalog for their environment.

Expiration of Support for MBSA 1.2.1

I also want to remind you again of the upcoming expiration of support for Microsoft Baseline Security Analyzer (MBSA) 1.2.1 on Oct. 9, 2007. Once again, we encourage all customers to upgrade to MBSA 2.0.1, the latest version of MBSA.

Microsoft Security Advisory (932596)

We are releasing one security advisory today: Microsoft Security Advisory (932596). This is to make customers who run x64-based Windows operating systems aware of an update for Kernel Patch Protection.

This update adds additional checks to Kernel Patch Protection for increased reliability, performance and security. We periodically make updates to improve the security of Kernel Patch Protection. While this update does not address security vulnerabilities in Kernel Patch Protection, it contains changes that help improve security. So, we are releasing Microsoft Security Advisory (932596) to help customers who run x64-based Windows operating systems so they are aware of this update, and to encourage them to test and deploy it.

Re-Release of MS07-038

We are re-releasing MS07-038, the security update for the Windows Vista Firewall from July 2007. There are no changes to the update itself; the update as originally released protects against the vulnerability discussed in the bulletin. We've made changes to the installer for this update to address installation issues that a very small number of customers were experiencing. These are outlined in Microsoft Knowledge Base Article 935807. If you've already applied this update then you do not need to take any action. However, if you were experiencing the issues outlined in the article, you should go ahead and apply the updated version.

For the new security updates this month, I call your attention to information about this month's Microsoft Internet Explorer security update for your risk assessment and your testing and deployment.

Specifically, while this bulletin is rated as "Critical" for Internet Explorer 5.01 and Internet Explorer 6 on Windows XP Service Pack (SP) 2, it is rated as "Important" for Internet Explorer 7 on Windows XP SP2 and Windows Vista. Further, because of the Enhanced Security Configuration (ESC) on Windows Server 2003 SP1 and SP2, this is rated as "Moderate" for these platforms when running Internet Explorer 6 and "Low" when running Internet Explorer 7.

Next, in addition to addressing the security updates discussed in the bulletin, this month's IE update sets the killbit for a number of ActiveX controls:

ouactrl.ocx: a control that is out of support

The CAPICOM control addressed in Microsoft Security Bulletin MS07-028

The Download Manager ActiveX control, available from Akamai Technologies

In closing, I want to encourage you to join me and Mike Reavey on Wednesday, Aug. 15, at 11 a.m. Pacific Time. Like we do each month, we'll review the bulletin in more depth and answer your questions with information from our subject matter experts. If you can't join us for the live webcast, don't forget that you can listen to it later on demand. You can register for the webcast here.

Be sure to mark your calendars for the September 2007 bulletin, which will release on Tuesday, Sept. 11th. I'll be joining you here again in September with information to help you plan and deploy the release for your environment.
